IT Security Newsletter - 1/19/2026

Written by Cadre | Mon, Jan 19, 2026

42,000 Impacted by Ingram Micro Ransomware Attack

IT giant Ingram Micro is notifying roughly 42,000 people that their personal information was compromised in a ransomware attack. The incident occurred on July 3, 2025, and forced the IT products and services distributor to take certain systems offline to contain the attack, which resulted in widespread outages across its services. Ingram Micro was able to restore the affected systems roughly a week later, resuming operations across all countries and regions by July 9.

CIRO confirms data breach exposed info on 750,000 Canadian investors

The Canadian Investment Regulatory Organization (CIRO) confirmed that the data breach it suffered last year impacts about 750,000 Canadian investors. The organization disclosed the incident on August 18, but completed an extensive forensic investigation this year, on January 14. CIRO is Canada's national self-regulatory body for investment dealers, mutual fund dealers, and trading activity. It was formed in 2023 and is currently a core pillar of the country's financial regulatory framework.

Law enforcement tracks ransomware group blamed for massive financial losses

Law enforcement agencies in Ukraine and Germany have identified two members of a Russian-affiliated ransomware group and carried out searches in western Ukraine. Investigators also named the alleged organizer, a Russian national, and placed him on an international wanted list through INTERPOL. Foreign law enforcement agencies said the individual may have connections to activity associated with the Conti ransomware operation.

Firefox joins Chrome and Edge as sleeper extensions spy on users

A group of cybercriminals called DarkSpectre is believed to be behind three campaigns spread by malicious browser extensions: ShadyPanda, GhostPoster, and Zoom Stealer. We wrote about the ShadyPanda campaign in December 2025, warning users that extensions which had behaved normally for years suddenly went rogue. After a malicious update, these extensions were able to track browsing behavior and run malicious code inside the browser.

'SolyxImmortal' Information Stealer Emerges

A newly identified information stealer relies on legitimate APIs and third-party libraries for evasive, persistent data harvesting and exfiltration, cybersecurity company Cyfirma reports. Dubbed SolyxImmortal, the malware is written in Python and includes broad data theft and user surveillance capabilities, such as credential and document harvesting, a keylogger, and screen monitoring. According to Cyfirma, SolyxImmortal is a monolithic Python application targeting Windows systems.

Fast Pair, loose security: Bluetooth accessories open to silent hijack

Hundreds of millions of wireless earbuds, headphones, and speakers are vulnerable to silent hijacking due to a flaw in Google's Fast Pair system that allows attackers to seize control without the owner ever touching the pairing button. The issue, dubbed "WhisperPair," was uncovered by researchers at KU Leuven, who found that many Bluetooth accessories claiming support for Fast Pair fail to properly enforce one of its most basic safety checks.

Critical flaw in AWS Console risked compromise of build environment

A critical vulnerability in the AWS Console flagged by security researchers could have led to a massive supply chain attack, according to a report released Thursday by Wiz. The vulnerability, dubbed CodeBreach, could have allowed an attacker to take over core AWS GitHub repositories, specifically the AWS JavaScript SDK, which powers the AWS Console and is installed in about two-thirds of cloud environments, according to Wiz.

Critical flaw in Fortinet FortiSIEM targeted in exploitation threat

A critical flaw in Fortinet FortiSIEM is under exploitation by threat groups, just days after the release of a proof of concept. The vulnerability, tracked as CVE-2025-64155, involves improper neutralization of special elements used in an operating system command. An attacker would be able to execute unauthorized commands on a system. Fortinet released an advisory on the flaw on Tuesday, following disclosure from researchers at Horizon3.ai.

  • ...in 1809, short story writer and poet Edgar Allan Poe, regarded as the inventor of the detective story, was born in Boston.
  • ...in 1883, the first electric lighting system using overhead wires, built by Thomas Edison, begins service in New Jersey.
  • ...in 1955, Dwight D. Eisenhower becomes the first president to hold news conferences to be filmed by TV and newsreels.
  • ...in 1977, President Gerald R. Ford pardons Iva Toguri D'Aquino, aka "Tokyo Rose", known for her propaganda broadcasts during World War II.